WO2010075761A1 - Method, server and system for providing resource for an access user - Google Patents


Info

Publication number
WO2010075761A1
Authority
WO
WIPO (PCT)
Prior art keywords
group
user
information
identity
server
Prior art date
Application number
PCT/CN2009/076141
Other languages
French (fr)
Chinese (zh)
Inventor
孙谦
胡立新
谭东晖
Original Assignee
华为技术有限公司
Priority to CN 200810242210 priority Critical patent/CN101771677B/en
Priority to CN200810242210.6 priority
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2010075761A1 publication Critical patent/WO2010075761A1/en

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation, e.g. computer aided management of electronic mail or groupware; Time management, e.g. calendars, reminders, meetings or time accounting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/104Grouping of entities

Abstract

A method for providing resource for an access user is provided by the present invention. The method comprises the steps of: acquiring the group information of the user from corresponding server according to the identifier of the access user; authenticating the group member identity of the user according to the group information; providing resource for the user according to the result of the authentication. By using the embodiment of the present invention, in the distributed social networks environment, sharing resource conveniently and safely is realized by authenticating the identity of the group member reliably by the websites which the group belongs to.

Description

Method, server and system for providing resource for an access user

This application claims priority to Chinese Patent Application No. 200810242210.6, filed on December 31, 2008 and entitled "A method of providing user access to a resource method, server and system", the entire contents of which are incorporated herein by reference.

Technical field

The present invention relates to social networks, and more particularly to a method for providing resources to an access user in a distributed social network, an application server, a social networking site server, an OpenID provider server and a system.

Background

A social networking site (Social Network Site, SNS) is a website that builds a network of social relationships based on the idea of a virtual social network. From Myspace and Facebook to Happy Network and Campus Network, social networking sites at home and abroad have matured and have become part of everyday life for more and more people. Many traditional Internet portals and telecom operators have also launched social networking services, and a large number of applications have emerged on social networking platforms, so the problems of application interoperability and resource sharing between social networks have become more obvious. The main related technologies at present are the open protocols Open Identity (OpenID) and Open Authentication (OAuth).

OpenID is a user-centric digital identity framework that is open, decentralized and free. The specific terms and specifications of OpenID can be found on its official website (www.openid.net). On a website that supports OpenID, the user does not need to register a traditional credential such as a user name and password for each site. Instead, the user only needs to register in advance on a website acting as an OpenID identity provider, and can then use a single OpenID identity to log in to each site. OpenID is decentralized: any website can use OpenID as a way for users to log in, and any website can also act as an OpenID identity provider. OpenID solves only the identity problem, without relying on a central website to confirm the digital identity. OpenID is being adopted by more and more websites. The OAuth protocol lets websites and applications access protected resources through an interface (API) without the user disclosing credentials (such as a password) to them.

To truly achieve full interoperability and resource sharing across social networks, relying on protocols such as OpenID and OAuth is not enough. A user and his or her friends or group members may belong to different OpenID provider servers, and a user may create groups on several different websites while authorizing some of those groups to access shared resources on other application websites. In such a distributed social network environment, it is necessary not only to authenticate the user's identity across sites, but also to verify the user's group membership reliably, in order to keep shared resources secure.

Summary

An embodiment of the present invention provides a method for providing resources to an access user, comprising: obtaining the group information of the user from the corresponding server according to the identity of the access user; verifying the user's group membership according to the group information; and providing resources to the user according to the verification result.

An embodiment of the present invention provides an application server, comprising: a resource data providing unit, for storing resources; a resource access authorization setting unit, for storing resource access authorization records, each of which stores the correspondence between a resource and a group identifier; a login unit, for receiving a user's login information, including the user's identity; and an application site processing unit, for obtaining the user's group information according to the user's identity, verifying group membership according to the group information, and providing resources to the user according to the verification result.

An embodiment of the present invention provides a social networking site server, comprising: a group information providing unit, for storing the group information of users; and a social networking site processing unit, for verifying the user's group membership according to the stored group information when a request to verify the user's membership is received.

An embodiment of the present invention provides an open identity provider server, comprising: a group information storage unit, for storing the group information of users; and a group information providing unit, for returning the user's group information stored in the group information storage unit when a request to obtain the user's group information is received.

An embodiment of the present invention provides a system for accessing resources in a social network, comprising: an application server, for accepting a user's login with an open identity, obtaining the user's group information from the open identity provider server according to the user's identity, verifying the user's group membership according to the group information, and providing resources to the user according to the verification result; an open identity provider server, for storing group information, including information on the websites where the groups of which the user is a member are located, and, on receiving a group information acquisition request from the application server, obtaining signed group information from the websites of the groups of which the user is a member and returning the signed group information to the application server; and a social networking site server, for storing the user's groups and, when a member is added or deleted, sending a group event notification to the open identity provider server of that user.

In summary, with the embodiments of the present invention, in a distributed social network environment the website where a group is located reliably verifies a user's identity as a group member, so that resources can be shared conveniently and securely. In particular, users' resources, relationships and other data are at present often scattered across different websites on the Internet; the present invention breaks down the barriers to sharing resources and relationship data between websites, which greatly benefits the development of Internet services.

Brief description of the drawings

FIG. 1 is a message interaction flowchart of user a adding a group member according to an embodiment of the present invention;

FIG. 2 is a message interaction flowchart of user b accessing resources on the application server according to Embodiment 1 of the present invention;

FIG. 3 is a message interaction flowchart of user b accessing resources on the application server according to Embodiment 2 of the present invention;

FIG. 4 is a message interaction flowchart of user b accessing resources on the application server according to Embodiment 3 of the present invention;

FIG. 5 is a message interaction flowchart of user b accessing resources on the application server according to Embodiment 4 of the present invention;

FIG. 6 is a structural diagram of an application website server according to Embodiment 5 of the present invention;

FIG. 7 is a structural diagram of a social networking site server according to Embodiment 6 of the present invention;

FIG. 8 is a structural diagram of a social networking site server according to Embodiment 7 of the present invention;

FIG. 9 is a structural diagram of an OpenID provider server according to Embodiment 8 of the present invention;

FIG. 10 is a structural diagram of an OpenID provider server according to Embodiment 9 of the present invention;

FIG. 11 is a system architecture diagram of a user accessing application server resources according to Embodiment 10 of the present invention;

FIG. 12 is a system architecture diagram of a user accessing application server resources according to Embodiment 11 of the present invention.

Detailed description

A website that holds users' social data on the Web service side can be called a social networking site, where social data (SNS data for short) includes the user's personal information, contacts, groups, event information and other data. The embodiments describe a resource sharing scheme in a distributed social network system. To make it easy for users to log in to and access mutually independent SNS websites, and to associate SNS data that is stored in a distributed manner, the preferred embodiments use an open identity, OpenID, as the user's identity.

An OpenID provider server (OpenID Provider, OP) may store only a user's basic personal information, such as e-mail address, date of birth and gender; it may also store complex SNS data such as contacts, groups and activity information; or, most simply, it may be responsible only for user authentication. A large SNS website can generally act as an OP, responsible for authenticating users and confirming that a user owns an identity, while also storing the user's various SNS data. In the distributed social network system of the embodiments, it is assumed that the OpenID provider server of user a is website OP-A, that the OpenID provider server of user b is website OP-B, and that on another SNS website, SNS-C, there is a group Group-Ca belonging to user a whose members include user b. Groups that include user b as a member may also exist on other SNS websites; that is, the groups of which user b is a member can be distributed over several different SNS websites. A website that stores user groups may be called a group server.

A user can generally divide his or her contacts into several groups, such as colleagues, classmates and family; these are private groups. The members of the groups may overlap, that is, one contact may belong to several of the user's groups. A special group, such as "my friends", can also be used to represent all of the user's contacts on a website, so that a user who wants any of his or her contacts to be able to access his or her resources can use this special group for the resource access authorization. There are also public groups, such as a class address book, a QQ group or an MSN group, whose members can likewise use the group for resource access authorization.

The application server stores user a's resource data, such as photos, videos, bookmarks, comments, logs, presence information or location information. The application server also stores user a's authorization data for group Group-Ca, for example allowing the members of Group-Ca to access user a's resource data on the application server. For brevity, the embodiments omit some steps, such as the browser redirection performed when a website uses OpenID login. A website referred to in the present invention corresponds in practice to a server entity that provides web and other Internet services to users; the website's processing flows are carried out by the corresponding server.

Embodiment 1 of the present invention first describes the process in which a user adds a group member. Referring to FIG. 1, it includes the following steps:

Step 101: social networking site server SNS-C receives a request to add a member to a group. The request is usually triggered by a user: for example, user a can log in to website SNS-C with an OpenID identifier (such as http://openid-usera.example.com) and, through the browser, request that member user b be added to a group that user a controls on SNS-C, such as Group-Ca. Group information generally consists of a group identifier and a member list. The group identifier is generally unique throughout the distributed social network, which can be guaranteed by including the domain name of the group's website in the group identifier or in other ways. The group information can also include the group name, a description and other information.

Besides being triggered by user a, members can also be added to user a's groups by other authorized users or applications.

Step 102: website SNS-C adds the member to the group. For example, adding member user b to group Group-Ca means adding user b's OpenID identifier and other information to the group's member list. In other embodiments of the present invention, besides adding group members one at a time, contacts can be imported into a group in bulk. The group's member list contains the members' OpenID identifiers, such as user b's OpenID identifier (for example http://openid-userb.example.net). It may also contain the members' names, nicknames, contact details and other information.

Step 103: website SNS-C notifies the OP of the group member. Besides the addition of members, other group events such as the deletion of members can also be notified to the OP of the group member involved. For example, when member user b is added to or deleted from Group-Ca, the OpenID provider server of user b, website OP-B, must be notified. The corresponding OP can be determined from the group member's OpenID identifier, and website SNS-C sends a group event notification to that OP when a group event such as adding or deleting a member occurs. The group event notification may include group event information such as the event type, the member's OpenID identifier and the group identifier.

From the group event notification, OP-B learns that user b is a member of some group on website SNS-C. The group event notification need not include a specific group identifier. In that case, since the notification does not let OP-B know precisely which group the user is a member of, SNS-C does not have to send a notification every time user b is added as a member. Specifically, when adding member user b, SNS-C can determine whether user b is already a member of another group on SNS-C, and send a group event notification to OP-B only if not. Likewise, when deleting a member, SNS-C determines whether user b is still a member of another group on SNS-C, and sends a group event notification to OP-B only if not. In this way OP-B learns which websites, such as SNS-C, hold groups that include user b as a member, without a notification having to be sent every time. Specifically, the group event notification service provided by the OP can be discovered through a protocol such as Yadis (Yet Another Decentralized Identity Interoperability System). The corresponding fragment of the XRDS (eXtensible Resource Descriptors) document is as follows:

<Service xmlns="xri://$xrd*($v*2.0)">
  <Type>http://specs.openid.net/auth/3.0/group_notify</Type>
  <URI>http://provider.example.com/group_notify</URI>
</Service>

Website SNS-C sends an HTTP GET or POST request message containing the group event information to the group event notification service address provided by the OP, such as "http://provider.example.com/group_notify". The request message may contain the following fields:

group-event-type: the type of group event, such as add or delete.

member-id: an OpenID identifier, indicating the identity of the member being added or deleted in this message.

Optionally, the message can also include group-host, whose value is a URL giving the address of the website server where the group is located. The OP can go to this address to obtain the specific information on the groups the user is in. If the request message does not contain this field, the OP may determine the address of the website server where the group is located from the requester's IP address, the From field of the HTTP request, or the like.

If the group information request that OP-B sends to website SNS-C includes the application server's information, the user's activity may be exposed to SNS-C; on the other hand, SNS-C can then use the application server's information to give OP-B only the corresponding group information rather than all the groups user b belongs to. If a malicious website adds users as members of its own groups without their confirmation, and those groups are authorized for resources on other application websites, the users' activity on those application websites is exposed, because verification requests go to the malicious website; this does not help protect user privacy.

Security can also be improved by a confirmation step: after receiving the group event notification, the OP of the group member displays the received notification to the group member the next time he or she logs in to the OP, and prompts the group member to confirm. If the group member does not trust website SNS-C, or believes that SNS-C may be malicious (for example, used to distribute advertising or to track user activity), he or she can refuse to confirm. After the group member confirms, the OP sets the group member's confirmation flag for website SNS-C. If the user later stops trusting website SNS-C, the confirmation flag can be changed to rejected. The user's OpenID provider server requests signed group information only from the websites that the user has confirmed.

Alternatively, after the OP of the group member receives the group event notification, it sends a confirmation e-mail to the group member; after the group member confirms by clicking the link in the e-mail, the OP sets the group member's confirmation flag for website SNS-C.
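The notification and confirmation logic described above, as an added Go example that is not part of the patent text: GroupSite plays SNS-C and notifies only on a member's first and last group on the site, and Provider plays OP-B and queries only sites whose confirmation flag is set. The type and method names and the sample hosts are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Notification carries the request fields named in the text.
type Notification struct {
	EventType string // group-event-type: "add" or "delete"
	MemberID  string // member-id: OpenID identifier of the member
	GroupHost string // group-host: address of the website holding the group
}

// GroupSite plays SNS-C. Groups maps group identifier -> set of member OpenIDs.
type GroupSite struct {
	Host   string
	Groups map[string]map[string]bool
}

// memberships counts the groups on this site that contain the member.
func (s *GroupSite) memberships(member string) int {
	n := 0
	for _, members := range s.Groups {
		if members[member] {
			n++
		}
	}
	return n
}

// Add notifies only for the member's first group on this site.
func (s *GroupSite) Add(group, member string) *Notification {
	first := s.memberships(member) == 0
	if s.Groups[group] == nil {
		s.Groups[group] = map[string]bool{}
	}
	s.Groups[group][member] = true
	if first {
		return &Notification{"add", member, s.Host}
	}
	return nil
}

// Remove notifies only when the member has left the last group on this site.
func (s *GroupSite) Remove(group, member string) *Notification {
	had := s.Groups[group][member]
	delete(s.Groups[group], member)
	if !had || s.memberships(member) > 0 {
		return nil
	}
	return &Notification{"delete", member, s.Host}
}

// Provider plays OP-B. Sites maps member -> group host -> confirmation flag.
type Provider struct{ Sites map[string]map[string]bool }

// Receive records a newly notified site as unconfirmed and never raises a
// flag by itself; unknown event types are ignored.
func (p *Provider) Receive(n Notification) {
	switch n.EventType {
	case "add":
		if p.Sites[n.MemberID] == nil {
			p.Sites[n.MemberID] = map[string]bool{}
		}
		if _, known := p.Sites[n.MemberID][n.GroupHost]; !known {
			p.Sites[n.MemberID][n.GroupHost] = false // pending until the member confirms
		}
	case "delete":
		delete(p.Sites[n.MemberID], n.GroupHost)
	}
}

// Confirm sets or withdraws the member's confirmation flag for a notified site.
func (p *Provider) Confirm(member, host string, trusted bool) {
	if _, known := p.Sites[member][host]; known {
		p.Sites[member][host] = trusted
	}
}

// SitesToQuery lists the hosts OP-B may ask for signed group information.
func (p *Provider) SitesToQuery(member string) []string {
	hosts := []string{}
	for host, confirmed := range p.Sites[member] {
		if confirmed {
			hosts = append(hosts, host)
		}
	}
	sort.Strings(hosts)
	return hosts
}

func main() {
	b := "http://openid-userb.example.net" // constructed sample values
	sns := &GroupSite{Host: "http://sns-c.example", Groups: map[string]map[string]bool{}}
	op := &Provider{Sites: map[string]map[string]bool{}}
	op.Receive(*sns.Add("Group-Ca", b))
	op.Confirm(b, sns.Host, true)
	fmt.Println(op.SitesToQuery(b))
}
```

Because an unconfirmed site is never returned by SitesToQuery, a site that enrols a user without consent cannot cause OP-B to contact it.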

Subsequently, user a can authorize group Group-Ca to access user a's resources on an application server. Authorization is usually initiated by the user who owns the resource; for example, user a can authorize a group to access his or her photos, location or other information on the application server. The authorized group is usually a group the user owns or is a member of, but it can also be a group with which the user has no relationship. The application server stores the correspondence between the resources provided by user a and the identifiers of the authorized groups, that is, the resource access authorization records for groups.

The process by which user b accesses the application server is described next. This embodiment mainly describes the case in which OP-B acts as a proxy to obtain the group information. Referring to FIG. 2, it includes the following steps:

Step 201: the application server accepts user b's login using OpenID.

Step 202: the application server requests from OP-B the information on the groups of which user b is a member. Specifically, an HTTP POST or GET message can be used; the message includes a user identifier field, whose content may be, for example, user b's OpenID.

Step 203: OP-B requests group information from the websites where those groups are located, such as SNS-C; the group information includes the list of groups of which user b is a member. Websites such as SNS-C sign the group list information, to ensure that it cannot be tampered with by OP-B. If user b is a member not only of groups on SNS-C but also of groups on other websites, OP-B also obtains the signed group information of user b from those websites one by one.

Because OP-B learns from the group event notifications only which websites contain groups with user b as a member, and not the specific group identifiers, while the application website needs specific group identifiers in order to authorize access to resources, OP-B has to request the specific group identifiers from those websites. Specifically, an HTTP POST or other message can be used for the request, and the request message may include the field:

member-id: an OpenID identifier, indicating the identity of the member in this message. The website receiving the message should return, in the response message, the information on the groups on that website of which the member is a member.

The response message includes the group list, the signature and other fields:

member-id: an OpenID identifier, indicating the identity of the member in this message.

group-list: a list of group identifiers; the user is a member of these groups.

response-nonce: a nonce, which must contain a timestamp and may also contain additional characters.

sign-type: the type of signature algorithm, such as PKCS (The Public-Key Cryptography Standards). When the application server requests from OP-B the information on the groups of which user b is a member, it can include the signature algorithm types it supports; OP-B forwards these to SNS-C, and SNS-C signs using a signature algorithm type supported by the application server.

signed: the list of fields to be signed, which may contain the member-id, group-list and response-nonce fields.

sig: the signature computed, using the algorithm indicated by sign-type, over the data of the fields listed in signed.

The group list and the signature fields constitute the membership verification result, which may also be called group verification information.

Step 204: OP-B returns user b's group information to the application server. The group information includes the list of groups of which user b is a member, the signature and other information.

Step 205: the application server verifies the signature on the group information. Specifically, the public key of a website such as SNS-C can be used for the verification. Successful verification confirms user b's identity as a group member, that is, user b is confirmed to be a member of the groups in the group list.

Step 206: the application server returns to user b's browser the list of resources that user b is permitted to access, or a list of user names.

The application server can compare the group identifiers in the resource access authorization records (the groups that user a has authorized to access resources, such as Group-Ca) with the group identifiers in the group information obtained from OP-B (the groups of which user b is a member), to obtain the list of private resources that user b is permitted to access, or the list of user names of the resource owners.

With the scheme of this embodiment, the application server does not have to go to websites such as SNS-C itself to verify the user's group membership; at the same time, by verifying the signature on the group information returned by OP-B, the application server can be sure the group information is accurate, which improves efficiency while ensuring security. The scheme is more efficient than others particularly when SNS-C and OP-B are the same website or websites within the same domain.
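The checks an application server can apply to the signed group information of steps 203 to 205, as an added Go example that is not part of the patent text. The "name:value" signing input, the sign-type label, the comma-separated group-list, the hex-encoded sig and the nonce layout are assumptions, and a throwaway RSA key stands in for the group site's key pair.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Assumed values: the text names the fields but not these exact strings.
const (
	signType     = "RSA-PKCS1v15-SHA256"
	signedFields = "member-id,group-list,response-nonce"
)

// GroupInfo is the response as a flat field map (assumed encoding):
// group-list is comma separated and sig is hex.
type GroupInfo map[string]string

// NewSiteKey makes a throwaway key standing in for the group site's key pair.
func NewSiteKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest hashes "name:value\n" for each field named in "signed", in order
// (assumed canonical form; values must not contain newlines).
func digest(gi GroupInfo) []byte {
	var b strings.Builder
	for _, name := range strings.Split(gi["signed"], ",") {
		b.WriteString(name + ":" + gi[name] + "\n")
	}
	sum := sha256.Sum256([]byte(b.String()))
	return sum[:]
}

// SignGroupInfo plays the group site (SNS-C in the text).
func SignGroupInfo(key *rsa.PrivateKey, member, groups, nonce string) (GroupInfo, error) {
	gi := GroupInfo{"member-id": member, "group-list": groups, "response-nonce": nonce,
		"sign-type": signType, "signed": signedFields}
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(gi))
	gi["sig"] = hex.EncodeToString(sig)
	return gi, err
}

// AppServer holds what the application site needs for step 205.
type AppServer struct {
	SiteKey *rsa.PublicKey  // group site's public key, obtained out of band
	MaxAge  time.Duration   // accepted age and clock skew of response-nonce
	Seen    map[string]bool // nonces already accepted
}

// VerifyGroupInfo returns the group identifiers only if every check passes.
func (a *AppServer) VerifyGroupInfo(gi GroupInfo, loggedIn string, now time.Time) ([]string, error) {
	// The signature must use an offered algorithm and cover all three fields;
	// otherwise the relaying OP could substitute an unsigned group-list.
	if gi["sign-type"] != signType || gi["signed"] != signedFields {
		return nil, errors.New("unsupported sign-type or signed field list")
	}
	for _, f := range strings.Split(signedFields, ",") {
		if strings.Contains(gi[f], "\n") {
			return nil, errors.New("newline in " + f)
		}
	}
	sig, err := hex.DecodeString(gi["sig"])
	if err != nil || rsa.VerifyPKCS1v15(a.SiteKey, crypto.SHA256, digest(gi), sig) != nil {
		return nil, errors.New("bad signature")
	}
	// A valid signature over someone else's membership must not be accepted.
	if gi["member-id"] != loggedIn {
		return nil, errors.New("group info belongs to another member")
	}
	// Assumed nonce form: RFC 3339 UTC timestamp ending in "Z", then unique characters.
	nonce := gi["response-nonce"]
	ts, err := time.Parse(time.RFC3339, nonce[:strings.IndexByte(nonce, 'Z')+1])
	if err != nil {
		return nil, errors.New("nonce has no timestamp")
	}
	if age := now.Sub(ts); age > a.MaxAge || age < -a.MaxAge {
		return nil, errors.New("stale nonce")
	}
	if a.Seen[nonce] {
		return nil, errors.New("replayed nonce")
	}
	a.Seen[nonce] = true
	return strings.Split(gi["group-list"], ","), nil
}

func main() {
	b := "http://openid-userb.example.net" // constructed sample values
	key, _ := NewSiteKey()
	gi, _ := SignGroupInfo(key, b, "Group-Ca.SNS-C.com", "2008-12-31T10:00:00Zx7")
	app := &AppServer{SiteKey: &key.PublicKey, MaxAge: 5 * time.Minute, Seen: map[string]bool{}}
	fmt.Println(app.VerifyGroupInfo(gi, b, time.Date(2008, 12, 31, 10, 1, 0, 0, time.UTC)))
}
```

The returned identifiers are what step 206 compares with the resource access authorization records.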

Embodiment 2 of the present invention describes the way in which the application server goes directly to websites such as SNS-C to verify the user's group membership. Referring to FIG. 3, it includes the following steps:

Step 301: the application server accepts user b's login using OpenID.

Step 302: the application server requests the group information from OP-B, that is, the information on the websites where the groups that include user b as a member are located.

Step 303: the application server then obtains the specific identifiers of the groups of which user b is a member from the websites where those groups are located. Obtaining the specific group identifiers is itself the verification result, that is, it establishes that user b is a group member. This approach generally requires a trust relationship between the application server and the websites where the groups are located; otherwise the application server might obtain the user's group information for illegitimate purposes. For example, the SAML (Security Assertion Markup Language) protocol can be used to obtain the specific identifiers of the groups of which user b is a member, carried in HTTP POST messages. The website where a group is located treats user b's group membership as an attribute of user b, and the application server simply sends an HTTP POST message requesting an attribute assertion for user b. The returned attribute assertion may include user b's OpenID identifier and a multi-valued group attribute, an example of which follows:

<saml:Attribute
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
    Name="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE:groups">
  <saml:AttributeValue xsi:type="dce:DCEValueType"
      dce:FriendlyName="Group-Ca">
    urn:uuid:008c6181-a288-l 0 -b6d6-004005b13a2b
  </saml:AttributeValue>
  <saml:AttributeValue xsi:type="dce:DCEValueType"
      dce:FriendlyName="Group-Cd">
    urn:uuid:006a5a91-a2b7-10f9-824d-004005b13a2b
  </saml:AttributeValue>
</saml:Attribute>

Here the group identifiers use the UUID (Universally Unique Identifier) format, to ensure uniqueness in a distributed environment.

Step 304: the application server provides the corresponding resources to user b according to the resource access authorization records and these group identifiers.

In Embodiment 3 of the present invention, a group event notification is sent for every group event such as the addition of a group member, and the group information in the notification also includes the specific group identifier. The OP can then maintain the user's complete group distribution information across websites; that is, the group event notification mechanism lets the OP know which groups the user is in, even though those groups are distributed over various websites. The user's group information can subsequently be provided to application websites for use.

The process by which user b accesses the application server is described below. Referring to FIG. 4, it includes the following steps:

Step 401: the application server accepts user b's login using OpenID.

Step 402: the application server obtains from OP-B the information on the groups that include user b as a member, such as the group identifiers. The application server can request this group information from OP-B using OpenID Attribute Exchange. The group identifier attribute information contained in the response message that the application server obtains through OpenID Attribute Exchange may include:

openid.ax.value.group_as_member.1=Group-Ca.SNS-C.com

openid.ax.value.group_as_member.2=Group-Em.SNS-E.com

From these group identifiers the application server knows that user b is a member of group Group-Ca on SNS-C, of group Group-Em on another site SNS-E, and so on.

Besides OpenID Attribute Exchange, information on the groups a user owns or is a member of can also be obtained from the OP by means of the OAuth protocol. Specifically, the user's group information is the protected resource (Protected Resource), the application server is the consumer (Consumer), and the OP server that stores the group information is the service provider (Service Provider); the application server obtains the user's group information from the OP through the OAuth protocol flow.

In this embodiment the application server may hold resources that do not belong to any private user, or resources that a user has opened to everyone; these can be called public resources. Resources that belong to a private user and can be accessed only with authorization are called private resources. Users can set resource access authorization for groups or for individual users. A user can authorize not only groups that he or she owns but also other groups whose users he or she trusts, as long as the authorization record is set.

The application server may return to user b the user names of the owners of the private resources that user b is permitted to access, or return to user b links to the list of private resources that user b is permitted to access. This embodiment is described mainly using the example of returning user names. After user b logs in to the application website, user b is presented with a number of user names; according to the group authorization settings, these are the users some of whose resources user b is permitted to access. This makes it easier for user b to find more accessible resources and improves the user experience.

Step 403: the application server returns to user b links bearing the user names of the owners of the private resources that user b is permitted to access.

Application server (included in the user group members b) according to the group identifier in the authorization record and the like is provided (e.g., a user group authorized Group-Ca) obtained group identifier is retrieved from the OP-B can be obtained comparative b user name of the user has access to the resources of private owners (such as user a). Username link User majority Liu b show returned, the user can access the resource list through the link.

General application server does not have to be a one-time owner of the user name b user has access to all the resources of the private return, because sometimes the number will be more, you can press resource update time for the first time only to return part of the user name, the return of private resources the user name of a user is allowed to access those resources b has recently been updated, such as adding new photos, location and other information has changed. For those after a prolonged absence of updated or not updated after the last visit in b user, you can follow the user's request b back again.

Step 404, user b requests a resource list from the application server through a user-name link.

In step 405, the application server verifies user b's group member identity. When user b clicks the user-name link of a resource owner such as user a to request the resource list, the application server verifies user b's group membership, and only after the verification succeeds does it show user b the list of user a's resources that user b may access.

Specifically, the application server first uses user a's resource authorization settings records and the group information of user b obtained from the OP to determine the groups that user a has authorized and whose members include user b, and then sends a membership verification request for user b to the servers hosting those groups. For example, it sends a membership verification request to SNS-C, the site hosting Group-Ca, asking whether user b is a member of Group-Ca.

If the application server finds that, besides Group-Ca, user a has other groups whose members also include user b, and user a has also authorized these groups to access resources on the application server, these groups may be hosted on a site other than SNS-C, in which case the application server must also request membership verification from those other sites. The application server may verify user b's membership in these groups one by one, and then take the union of the resource lists that the successfully verified groups are entitled to access as the list of resources user b can access. The application server can send the verification requests to the sites hosting these groups in parallel.

If, in addition to groups such as Group-Ca, user a has also authorized resources on the application server to user b individually, those resources are also included in the above union.

The application server may send the verification request to the site SNS-C in a secure HTTPS message. If the group information obtained by the application server contains the address of the verification service of the site hosting the group, the application server can send the verification request message directly to that address; the message includes the group identifier and the member identifier.

The application server can also perform automatic discovery based on the group identifier in the obtained group information (for example an identifier in URL or XRI format). For a group identifier in URL format, it can try the Yadis protocol to obtain the address of the verification service provided by SNS-C, the site hosting the group, and then send the verification request message to that address. The verification request is sent in an HTTPS POST message, and the verification result is returned in the response.

In step 406, the application server returns to user b the list of user a's resources that user b is entitled to access, or refuses to provide the resource list. After membership verification succeeds, membership need not be verified again when user b accesses specific resources in the resource list.

The benefit of having membership verified by the site hosting the group, such as SNS-C, is that it prevents user b from forging, at OP-B, membership of the group Group-Ca. In addition, the group notification mechanism does not guarantee that group information on the hosting site, such as SNS-C, is propagated to OP-B in real time, so the group information held at OP-B may be inaccurate. It is therefore necessary to request group membership verification from the site hosting the group, such as SNS-C, rather than having the application server directly trust and use the group information of user b obtained from OP-B.

The fourth embodiment of the present invention mainly describes the approach in which, when user b logs in to the application server, the application server returns to user b a list of links to the private resources user b is entitled to access. This approach is similar to returning user names, except that the user sees a list of links to private resources. In addition, this embodiment verifies user b's membership right after login, which enhances security. Referring to Figure 5, it includes the following steps:

Step 501, the application server accepts user b's login using an OpenID.

Step 502, the application server obtains from OP-B the information on the groups of which user b is a member, such as the group identifiers. To make the subsequent membership verification more efficient, the application server can filter out groups for which no authorization has been set: if no resource has been authorized to a given group, the application server does not need to verify user b's membership in that group. The application server determines the groups of which user b is a member and for which resource authorization settings exist.

In step 503, the application server verifies user b's group member identity. Membership is verified for the groups determined above. These groups may be hosted on different sites, in which case a verification request has to be sent to each site separately.

Suppose user a has granted access to a resource not only to Group-Ca but also to another group such as Group-Da, and user b is a member of that group too. That is, user b is a member of Group-Ca and also of Group-Da. Once the application server successfully verifies membership in any one of these groups, it can allow user b to access the resource. For example, if the application server fails to verify that user b is a member of Group-Ca but successfully verifies that user b is a member of Group-Da, user b is still allowed to access the resource.

Step 504, the application server returns to user b the list of links to the private resources user b is entitled to access. User b can access the resources through the private resource links, and group membership need not be verified again when accessing these resources.

Generally, the application server need not return all the links to private resources that user b is entitled to access the first time, because there may be many of them. It can return part of the list of resource links according to the resources' update time, or return only links to private resources updated within a recent period, such as the last week.
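The access decision that steps 405 and 503 describe, as an added Python example (not code from the patent): groups reported by OP-B are treated only as candidates, each candidate that carries an authorization is confirmed with its hosting site, and the grants of confirmed groups are combined with individual grants. The `AuthorizationRecord` layout, the `verify` callback standing in for the HTTPS POST verification request, and all URLs and resource names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Set

# Asks the site hosting a group whether a user is a member (steps 405 / 503).
# Returns True or False; may raise if the site cannot be reached.
MembershipVerifier = Callable[[str, str], bool]


@dataclass
class AuthorizationRecord:
    """Access authorization settings of one resource owner (hypothetical layout)."""
    owner: str
    group_grants: Dict[str, Set[str]] = field(default_factory=dict)  # group id -> resources
    user_grants: Dict[str, Set[str]] = field(default_factory=dict)   # user id -> resources


def candidate_groups(record: AuthorizationRecord, op_groups: Iterable[str]) -> List[str]:
    """Step 502: drop groups reported by the OP that carry no authorization,
    so no verification request is spent on them."""
    return sorted(set(op_groups) & set(record.group_grants))


def accessible_resources(record: AuthorizationRecord, user_id: str,
                         op_groups: Iterable[str],
                         verify: MembershipVerifier) -> Set[str]:
    """Union of individual grants and the grants of every group whose hosting
    site confirms the membership. OP-reported groups are only candidates."""
    granted = set(record.user_grants.get(user_id, ()))
    for group_id in candidate_groups(record, op_groups):
        try:
            confirmed = verify(group_id, user_id) is True
        except Exception:
            confirmed = False  # fail closed: an unreachable site grants nothing
        if confirmed:
            granted |= record.group_grants[group_id]
    return granted


# ---- constructed sample data (not from the patent) -------------------------
USER_A = "https://op-a.example/a"
USER_B = "https://op-b.example/b"
GROUP_CA = "https://sns-c.example/groups/Group-Ca"
GROUP_DA = "https://sns-d.example/groups/Group-Da"
GROUP_XA = "https://sns-x.example/groups/Group-Xa"

RECORD_A = AuthorizationRecord(
    owner=USER_A,
    group_grants={GROUP_CA: {"photos/2009"}, GROUP_DA: {"videos/trip"}},
    user_grants={USER_B: {"location"}},
)

# What OP-B reports for user b. The Group-Ca entry is stale: SNS-C has
# already removed user b, but the copy at the OP was not updated.
OP_B_GROUPS = [GROUP_CA, GROUP_DA, GROUP_XA]

# Authoritative member lists held by the hosting sites.
SITE_MEMBERS = {GROUP_CA: set(), GROUP_DA: {USER_B}, GROUP_XA: {USER_B}}


def make_site_verifier(members, unreachable=(), log=None) -> MembershipVerifier:
    """In-memory stand-in for the verification request sent to a hosting site."""
    def verify(group_id: str, user_id: str) -> bool:
        if log is not None:
            log.append(group_id)
        if group_id in unreachable:
            raise ConnectionError("hosting site unreachable")
        return user_id in members.get(group_id, set())
    return verify


def demo():
    """Return (resources user b may access, groups a request was sent for)."""
    asked: List[str] = []
    verify = make_site_verifier(SITE_MEMBERS, log=asked)
    return accessible_resources(RECORD_A, USER_B, OP_B_GROUPS, verify), asked


if __name__ == "__main__":
    resources, asked = demo()
    print("verification requests sent for:", asked)
    print("user b may access:", sorted(resources))
```

The stale Group-Ca entry at the OP yields nothing because SNS-C denies the membership, while the confirmed Group-Da membership is sufficient on its own.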

Besides logging in with OpenID, the user can also log in by single sign-on (SSO, Single Sign-On). Usually one website acts as the authentication server; at login the user must authenticate with the authentication server, and once authenticated can access all the mutually trusting sites, such as the SNS sites and application sites. The authentication server can centrally store the group information of the sites in a system of mutual trust; it plays a role equivalent to the OpenID provider in the above embodiments, except that OpenID providers store user group information in a distributed manner. After a user signs on to any of the websites, the site can determine the authentication server directly, and does not need to determine it from the user's identifier as is done for the OpenID provider. The remaining processing is substantially the same and is not repeated here.

The application server 10 provided by the fifth embodiment of the present invention is shown in FIG. 6. It includes a resource data providing unit 101, a resource access authorization setting unit 103, a registration unit 105, and an APP (application site) processing unit 107 connected to each of these units. The resource data providing unit 101 stores the various resource data of the users of the APP, such as photos, videos, website favorites, comments, logs, presence information or location information. The resource access authorization setting unit 103 stores the resource access authorization records set by the users who provide resources; a resource access authorization record gives the correspondence between an authorized group identifier and the resources provided, for example the data that user a has authorized to the group Group-Ca, allowing members of Group-Ca to access user a's resource data on the application server. The registration unit 105 accepts the user's login through a browser using an OpenID identity and authenticates the user. The APP processing unit 107 obtains the user's OpenID from the registration unit 105, obtains the user's group information from the OpenID provider server, verifies the user's group member identity according to the group information, and provides resources to the user according to the verification result and the resource access authorization records in the resource access authorization setting unit 103.

When the application server 10 performs the method provided by the first embodiment of the present invention, with reference to FIG. 2, the APP processing unit 107 verifies the user's group member identity by validating the signature on the group information returned by the OpenID provider server OP-B. When the application server 10 performs the method provided by the second embodiment, with reference to FIG. 3, the APP processing unit 107 verifies the user's group membership using the group information of the user obtained from the social networking site server SNS-C. When the application server 10 performs the methods provided by the third and fourth embodiments, with reference to FIG. 4 and FIG. 5, the APP processing unit 107, after obtaining the information on the groups of which the user is a member, requests the social networking site server SNS-C to verify the user's group member identity. The application server can thus make use of social data from social networking sites, such as groups, to authorize users for resources, which greatly facilitates resource sharing among users.

The social networking site server (SNS) 20 provided by the sixth embodiment of the present invention is shown in FIG. 7. It includes a group information providing unit 201 and an SNS processing unit 203. The group information providing unit 201 stores the users' group information, which typically consists of a group identifier and the corresponding member list. The group identifier is typically unique across the entire social network, which can be guaranteed by, for example, including in the group identifier the domain name of the site hosting the group. The group information may also include the group name and a description. The member list typically includes the members' OpenID identities and other information. The SNS processing unit 203 works as follows: when it receives a request to add or delete a member of a group, it updates the group information stored in the group information providing unit 201 accordingly, for example by adding the OpenID identity to, or deleting it from, the group's member list; when it receives a request to query a user's group information, it obtains the corresponding group information, such as the identifiers of the user's groups, from the group information providing unit 201; or, when it receives a request to verify a user's membership, it verifies the membership based on the correspondence between group identifiers and member lists stored in the group information providing unit 201. In addition, the SNS processing unit may first require the requester to supply the user's identity verification signature, and provide the user's group information only after the signature has been verified. This further enhances security by preventing other users or third parties from impersonating the user to learn from the social networking site whether the user belongs to a group.
Generally, when a user logs in to the application site, for example with OpenID, an identity signature can be generated after the login succeeds, and the request for the user's group information then carries this identity signature. The social networking site server can thus provide user group information to the application site or the OpenID provider, to be used for verifying the user's group identity.

The social networking site server (SNS) 22 provided by the seventh embodiment of the present invention is shown in FIG. 8. It includes a group information providing unit 221, a group event notification unit 225, an SNS processing unit 223 and a signature unit 227. The group information providing unit 221 and the SNS processing unit 223 include all the functions described in the sixth embodiment. In addition, when a group event occurs, such as adding or deleting a group member, the SNS processing unit 223 triggers the group event notification unit 225 to notify the member's OpenID provider server. The group event notification may include information such as the member's OpenID identity, the group identifier and the type of the group event. In other embodiments of the present invention, the group event notification may omit the specific group identifier. In that case the OpenID provider server does not need to know exactly which specific groups the user is a member of, and the social networking site server does not need to send a notification every time a member is added or deleted: it notifies the OpenID provider server only when the user first joins any group on the social networking site server, or when the user has been removed from all groups on the social networking site server. The signature unit 227 signs the group information when the SNS processing unit provides a user's group information, so that if the group information is tampered with during transmission, this can be detected by verifying the group information against the signature. The social networking site server can thus provide secure and reliable signed group information, which safeguards the security of the distributed system.
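An added Python example (not code from the patent) of how an application server could check signed group information carrying the fields that claim 6 lists: the OpenID identity, the group identifier list, a timestamp, a random number and a signature. The page names no signature scheme, so HMAC-SHA256 with a pre-shared key, the JSON encoding, the five-minute freshness window and all sample values are assumptions.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Set, Tuple

MAX_AGE_SECONDS = 300  # assumed freshness window; the page gives no value


def canonical_bytes(openid: str, groups: List[str], timestamp: int, nonce: str) -> bytes:
    """Deterministic encoding of the signed fields, so that signer and
    verifier compute the MAC over exactly the same bytes."""
    body = {"openid": openid, "groups": sorted(groups),
            "timestamp": timestamp, "nonce": nonce}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_group_info(key: bytes, openid: str, groups: List[str],
                    timestamp: int, nonce: str) -> Dict[str, object]:
    """What a signature unit on the hosting site could emit (HMAC is assumed)."""
    mac = hmac.new(key, canonical_bytes(openid, groups, timestamp, nonce),
                   hashlib.sha256).hexdigest()
    return {"openid": openid, "groups": sorted(groups),
            "timestamp": timestamp, "nonce": nonce, "signature": mac}


class GroupInfoVerifier:
    """Application-server side check of signed group information."""

    def __init__(self, key: bytes, max_age: int = MAX_AGE_SECONDS) -> None:
        self._key = key
        self._max_age = max_age
        # (openid, nonce) pairs already accepted; a long-running service
        # would expire entries once they are older than max_age.
        self._seen: Set[Tuple[str, str]] = set()

    def verify(self, message: object, expected_openid: str, now: int) -> Optional[List[str]]:
        """Return the group list if the message is authentic, fresh, not a
        replay and about the logged-in user; otherwise return None."""
        if not isinstance(message, dict):
            return None
        openid, groups = message.get("openid"), message.get("groups")
        timestamp, nonce = message.get("timestamp"), message.get("nonce")
        signature = message.get("signature")
        well_formed = (
            isinstance(openid, str) and isinstance(nonce, str)
            and isinstance(signature, str)
            and isinstance(timestamp, int) and not isinstance(timestamp, bool)
            and isinstance(groups, list) and all(isinstance(g, str) for g in groups)
        )
        if not well_formed:
            return None
        expected = hmac.new(self._key, canonical_bytes(openid, groups, timestamp, nonce),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; any tampered field changes the MAC.
        if not hmac.compare_digest(expected.encode("ascii"), signature.encode("utf-8")):
            return None
        if openid != expected_openid:              # assertion about another user
            return None
        if abs(now - timestamp) > self._max_age:   # stale or far in the future
            return None
        if (openid, nonce) in self._seen:          # replayed message
            return None
        self._seen.add((openid, nonce))
        return list(groups)


# ---- constructed sample values (not from the patent) -----------------------
KEY = b"constructed-demo-key"
USER_B = "https://op-b.example/b"
GROUP_CA = "https://sns-c.example/groups/Group-Ca"
GROUP_DA = "https://sns-d.example/groups/Group-Da"


def demo() -> Dict[str, Optional[List[str]]]:
    """Run the verifier over constructed messages and report each outcome."""
    now = 1_262_000_000
    genuine = sign_group_info(KEY, USER_B, [GROUP_CA], now - 10, "n-001")
    tampered = dict(genuine, groups=[GROUP_CA, GROUP_DA], nonce="n-002")
    stale = sign_group_info(KEY, USER_B, [GROUP_CA], now - 3600, "n-003")
    other = sign_group_info(KEY, "https://op-b.example/mallory", [GROUP_CA], now, "n-004")
    verifier = GroupInfoVerifier(KEY)
    return {
        "genuine": verifier.verify(genuine, USER_B, now),
        "replayed": verifier.verify(genuine, USER_B, now),
        "tampered": verifier.verify(tampered, USER_B, now),
        "stale": verifier.verify(stale, USER_B, now),
        "wrong_user": verifier.verify(other, USER_B, now),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

With a shared HMAC key the application server could itself produce valid signatures, so a deployment spanning independent sites would normally use an asymmetric signature instead; the freshness, replay and subject checks stay the same.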

The OpenID provider server 30 provided by the eighth embodiment of the present invention is shown in FIG. 9. It comprises an identity authentication unit 301, a group information storage unit 303, and a group information providing unit 305 connected to each of them. The identity authentication unit 301 authenticates the user by the user's OpenID identity. The group information storage unit 303 stores the user's group information on the various SNS sites and other user data, such as the user's e-mail address, date of birth, gender, contacts, groups, the websites hosting the groups, and the identifiers of the user's groups. In one embodiment, when the group information providing unit 305 receives a group event notification from SNS-C, it updates the corresponding user's group information stored in the group information storage unit 303 according to the notification. The group event notification includes the following fields: group-event-type, the type of the group event, and member-id, the user's OpenID identity; optionally, it may also include group-host, the address of the server of the site hosting the group. When OP 30 performs the first embodiment of the present invention, the group information providing unit 305 is further configured, upon receiving a group information acquisition request for user b, to request user b's group information from SNS-C at the stored address of the website hosting the group. When OP 30 performs the second embodiment of the present invention, the group information providing unit 305 is further configured, upon receiving a request for the information on the sites hosting user b's groups, to provide the information on the sites hosting user b's groups.

Further, with reference to FIG. 10, the ninth embodiment of the present invention provides an OpenID provider server 32, in which the identity authentication unit 321 functions as in the eighth embodiment and is not described again here. In this embodiment, OP 32 further comprises a group event confirmation unit 327 connected to the group information providing unit 325. After receiving a group event notification, the group information providing unit 325 updates the corresponding user's group information in the group information storage unit 323 according to the notification. The next time the corresponding member logs in to the OP, the group event confirmation unit 327 displays the received notification to the member and prompts the member to confirm it. If the user does not trust the site, such as SNS-C, or believes that SNS-C may be malicious (for example, used to distribute advertising or to track user activity), the user can refuse to confirm. After the member confirms, the OP sets a confirmation mark for the member's group site SNS-C. If the user later no longer trusts the website SNS-C, the confirmation mark can be changed to rejected. The OpenID provider server requests user group information only from group sites that the user has confirmed.

FIG. 11 shows the architecture of the system for a user to access application server resources provided by the tenth embodiment of the present invention. The application server 10, the social networking site server 20 and the OpenID provider server 30 have been described in the fifth, sixth and eighth embodiments respectively and are not described again here. The APP processing unit 107, the SNS processing unit 203 and the group information providing unit 305 are connected to one another in pairs to implement the interaction among the application server 10, the social networking site server 20 and the OpenID provider server 30. This system architecture is mainly used to implement the methods provided by the first and second embodiments of the present invention.

FIG. 12 shows the architecture of the system for a user to access application server resources provided by the eleventh embodiment of the present invention. The application server 10, the social networking site server 22 and the OpenID provider server 32 have been described in the fifth, seventh and ninth embodiments respectively and are not described again here. The APP processing unit 107, the SNS processing unit 223 and the group information providing unit 325 are connected to one another in pairs to implement the interaction among the application server 10, the social networking site server 22 and the OpenID provider server 32. This system architecture is mainly used to implement the methods provided by the third and fourth embodiments of the present invention.

Persons of ordinary skill in the art may understand that all or part of the steps of the above method embodiments may be carried out by a program instructing relevant hardware. The program may be stored in a computer-readable storage medium and, when run, performs all or part of the steps of the preceding embodiments. The storage medium may be a read-only memory, a magnetic disk or an optical disk. The spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the invention and their equivalents, the present invention is intended to include these modifications and variations.

Claims

1. A method for providing resources for an access user, characterized by comprising:
Obtaining group information of the user from a server corresponding to the identity of the access user; verifying the group member identity of the user according to the group information;
Providing resources for the user according to the verification result.
2. The method as claimed in claim 1, characterized by accepting the user's login through a browser using an open identity, and determining the corresponding open identity providing server according to the open identity of the user;
Obtaining the group information of the user from the user's open identity providing server;
Verifying the group member identity of the user according to the group information;
Providing resources for the user according to the verification result.
3. The method as claimed in claim 2, wherein the user's open identity providing server stores information on the sites hosting the groups of which the user is a member, and the step of obtaining the group information of the user from the user's open identity providing server is specifically:
Requesting from the user's open identity providing server the information on the groups of which the user is a member;
After the user's open identity providing server obtains signed group information from the sites hosting the groups of which the user is a member, receiving the signed group information forwarded by the user's open identity providing server.
4. The method as claimed in claim 3, wherein, when the user is added to a group on the site for the first time or is completely removed from the groups of the site, the site sends a group event notification to the user's open identity providing server;
The user's open identity providing server learns, from the group event notification, the information on the sites hosting the groups of which the user is a member.
5. The method as claimed in claim 4, wherein, after receiving the group event notification, the user's open identity providing server prompts the user for confirmation; the user's open identity providing server requests signed group information only from the group sites that the user has confirmed.
6. The method as claimed in claim 3, characterized in that the group information of the user obtained from the user's open identity providing server comprises the open identity, a list of the user's group identifiers, a timestamp containing a random number, and signature-related information.
7. The method as claimed in claim 2, wherein the group information of the user obtained from the user's open identity providing server contains information on the sites hosting the groups of which the user is a member, and verifying the user's group member identity according to the group information comprises: obtaining, from the sites hosting the groups, the specific group identifiers of the groups of which the user is a member.
8. A method as claimed in claim 7, characterized in that a Security Assertion Markup Language protocol message carried over HTTP POST is used to obtain, from the site hosting the groups, the specific group identifiers of the groups of which the user is a member, and the message body contains an attribute assertion of said specific group identifiers.
9. A method as claimed in claim 2, characterized in that the user's open identity providing server stores the group identifiers of the groups of which the user is a member, and the group information of the user obtained from the user's open identity providing server includes the group identifiers and the information on the corresponding sites; determining, based on the group identifiers obtained from the user's open identity providing server, the user-name links of the owners of the resources the user is entitled to access, and returning them to the user's browser; receiving the user's request, made through a user-name link, to obtain a resource list;
Requesting the site hosting the group to verify the user's group member identity according to the group information; after the verification passes, returning to the user the list of resource links corresponding to the user name.
10. The method as claimed in claim 9, wherein requesting the site hosting the group to verify the user's group member identity according to the group information specifically comprises: determining, from the resource authorization settings records and the group identifier information obtained from the user's open identity providing server, the identifiers of the groups that the user corresponding to the user-name link has authorized and whose members include the user; and determining the site hosting the group according to the group identifier;
The list of resources the user can access is returned to the user's browser.
11. The method according to claim 10, wherein, if more than one site hosting a group is determined, group member verification is requested concurrently from the site hosting each group.
12. The method according to claim 10, wherein, according to the group identifier in the obtained group information, the address of the group member verification service is obtained from the site hosting the group by the automatic discovery protocol of a decentralized authentication interoperability system, and group membership verification is requested from the verification service address.
13. A method as claimed in any one of claims 1 to 12, characterized in that providing resources to the user according to the verification result is specifically: comparing the group identifiers in the resource access authorization records with the group identifiers in the group information obtained from the user's open identity providing server, and returning a resource list or a user-name list to the user.
14. A method as claimed in any one of claims 1 to 12, characterized in that said user group information is obtained by an open body.
15. A method as claimed in any one of claims 1 to 12, characterized in that part of the list of resource links or of the user-name list is provided according to update time.
16. The method according to any one of claims 1 to 12, wherein the resources include photos, videos, posts, comments, URL collection, presence information or location information.
17. A method as claimed in claim 1, characterized by accepting the user's login by single sign-on, the group information of the user being obtained from the user's authentication server;
Verifying the group member identity of the user according to the group information;
Providing resources for the user according to the verification result.
18. An application server, characterized by comprising:
A resource data providing unit for storing resources;
A resource access authorization setting unit for storing resource access authorization records, said resource access authorization records storing the correspondence between group identifiers and resources;
A registration unit for receiving a user's login information, including the user's identity; an application site processing unit configured to obtain the group information of the user according to the user's identity, verify the user's group member identity according to the group information, and provide resources to the user according to the verification result.
19. The application server according to claim 18, characterized in that the login information received by said registration unit includes the user's open identity; the group information of the user is obtained from the user's open identity providing server, the user's group member identity is verified according to said group information, and the resources are provided to the user according to the verification result and the resource access authorization records.
20. A social networking site server, characterized in that it comprises:
A group information providing unit for storing the group information of users;
A social networking site processing unit for, when receiving a request to verify a user's membership, verifying the user's group membership according to the group information stored in the group information providing unit.
21. The social networking site server as claimed in claim 20, wherein the social networking site processing unit is further configured to: when receiving a request to add or delete a member in a group, update the user's group information stored in the group information providing unit; and upon receiving a request to query a user's group information, obtain the corresponding user's group information from the group information providing unit and return it to the requester.
22. The social networking site server as claimed in claim 21, characterized by further comprising: a group event notification unit, wherein, when a request to add or remove a group member is received, the social networking site processing unit triggers the group event notification unit to send a group event notification to the member's open identity providing server.
23. The social networking site server as claimed in claim 21, characterized by further comprising: a group event notification unit for sending a group event notification to the user's open identity providing server only when the user is first added to a group or is completely removed from the groups.
24. The social networking site server as claimed in claim 20, characterized by further comprising: a signature unit for signing the group information when the social networking site processing unit provides a user's group information to the requester.
25. The social networking site server as claimed in claim 20, wherein the social networking site processing unit first requests the user's identity verification signature, and provides the user's group information only after the verification passes.
26. An open identity providing server, characterized by comprising:
A group information storage unit for storing the group information of users;
A group information providing unit for, when receiving a request to acquire a user's group information, returning the user's group information stored in the group information storage unit.
27. The open identity providing server as claimed in claim 26, wherein said group information providing unit, upon receiving a group event notification from a social networking site, updates the corresponding user's group information stored in the group information storage unit according to the group event notification.
28. The open identity providing server as claimed in claim 26, characterized by further comprising:
A group event confirmation unit for prompting the user for confirmation after the group event notification is received, the open identity providing server requesting group information only from group sites that the user has confirmed.
29. The open identity providing server as claimed in claim 26, wherein the group information in the group information storage unit is the address of the server hosting the group corresponding to the user identifier;
The group information providing unit when receiving the request to obtain user group information, address.
30. The open identity providing server as claimed in claim 26, wherein the group information in the group information storage unit is the address of the server hosting the group corresponding to the user identifier;
The group information providing unit determines, according to the user identifier in a verification request sent by the application server, the address of the server hosting the group corresponding to the user identifier, obtains the verification result from the server hosting the group, and supplies it to the application server.
31. A system for accessing resources in a social network, characterized by comprising: an application server for accepting a user's login through a browser using an open identity, obtaining the user's group information from the user's open identity providing server, verifying the user's group member identity according to the group information, and providing resources to the user according to the verification result; an open identity providing server for storing group information, including information on the sites hosting the groups of which the user is a member, and, upon receiving a group information acquisition request from the application server, obtaining signed group information from the sites hosting the groups of which the user is a member and then returning the signed group information to the application server;
A social networking site server for storing user groups and, when a member is added to or deleted from a group, sending a group event notification to the user's open identity providing server.
PCT/CN2009/076141 2008-12-31 2009-12-28 Method, server and system for providing resource for an access user WO2010075761A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200810242210 CN101771677B (en) 2008-12-31 2008-12-31 Method for providing resource for access user, server and system thereof
CN200810242210.6 2008-12-31

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP09836048.0A EP2383946B1 (en) 2008-12-31 2009-12-28 Method, server and system for providing resource for an access user

Publications (1)

Publication Number Publication Date
WO2010075761A1 true WO2010075761A1 (en) 2010-07-08

Family

ID=42309810

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/076141 WO2010075761A1 (en) 2008-12-31 2009-12-28 Method, server and system for providing resource for an access user

Country Status (3)

Country Link
EP (1) EP2383946B1 (en)
CN (1) CN101771677B (en)
WO (1) WO2010075761A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001782A (en) * 2011-09-09 2013-03-27 中兴通讯股份有限公司 Method, system and server for managing social networks

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070061730A1 (en) * 2005-09-15 2007-03-15 Microsoft Corporation Multipersona creation and management
CN101039284A (en) * 2006-03-16 2007-09-19 腾讯科技(深圳)有限公司 Method for transmitting instant message to group
CN101103354A (en) * 2004-11-29 2008-01-09 诺基亚公司 Providing a service based on an access right to a shared data
CN101159714A (en) * 2007-11-30 2008-04-09 腾讯科技(深圳)有限公司 Instant communication method, device and cluster server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7076795B2 (en) * 2002-01-11 2006-07-11 International Business Machines Corporation System and method for granting access to resources

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2383946A4 *

Also Published As

Publication number Publication date
EP2383946A4 (en) 2012-04-11
EP2383946B1 (en) 2018-06-13
CN101771677A (en) 2010-07-07
EP2383946A1 (en) 2011-11-02
CN101771677B (en) 2013-08-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09836048

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2009836048

Country of ref document: EP